Collecting, storing and disposing of customer data
It is important to collect, store, and dispose of customer data in a responsible way if you want to build and keep trust with your customers and business partners.
There are many reasons why businesses gather and keep customer information.
Targeting marketing efforts, learning more about customers, making sure someone is who they say they are and sometimes meeting legal and regulatory requirements, are all reasons why personal information is used.
It's a big responsibility to keep track of all of this information. Owners of businesses need to know their customers' and their own privacy laws and regulations in order to keep their customers' trust and loyalty.
Only collect the personal information you need to run your business
It might be tempting to know as much as you can about your customers, but if this information gets out, it could hurt your business and put your customers' safety and privacy at risk.
Think about whether you need to store full credentials
Do you have to keep full copies of papers like drivers licences or notices of assessments, or can you leave out some information? If writing down that you have confirmed someone's name is enough, is there a reason to keep a full copy for safety? Can you get reassurance in some other way, such as using the Document Verification Service?
Make sure you have security measures in place
Make sure you have enough security to keep the information you need safe. Protect online files with a password or encryption. Keep hard copies safe, like in a locked safe.
Limit who can see sensitive information
Does it make sense to keep private files on a shared drive? Share links instead of attaching files that can be sent over and over again so that you can keep control of who can access.
Businesses often depend on Managed Service Providers to keep their processes running smoothly. You should also make sure that they follow your security requirements.
Get rid of personal information that isn't needed
When you're done with personal information, destroy it or de-identify it. Think about how long records should be kept so that they aren't kept forever. Dispose of it in a responsible and timely manner. This includes backups that are often forgotten.